Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
188s -
max time network
195s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
22/04/2024, 08:58
General
-
Target
https://vencord.dev/download
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 14 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Modifies system certificate store 2 TTPs 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vencord.dev/download1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc83c046f8,0x7ffc83c04708,0x7ffc83c047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5584 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4856 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"2⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3744 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5956 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6000 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1606396646744949051,15304957927372677376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\VencordInstaller.exe"C:\Users\Admin\Downloads\VencordInstaller.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4b0 0x5041⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5cff358b013d6f9f633bc1587f6f54ffa
SHA16cb7852e096be24695ff1bc213abde42d35bb376
SHA25639205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9
SHA5128831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259
-
Filesize
152B
MD5dc629a750e345390344524fe0ea7dcd7
SHA15f9f00a358caaef0321707c4f6f38d52bd7e0399
SHA25638b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a
SHA5122a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902
-
Filesize
6KB
MD51ea79ba0afdbb3d29d7b5e70898039f0
SHA16aeac9f009e3a17609ec92b37319f10a8722d95c
SHA256c38dcc68663e3ff77ba813ce80840e24ced6385511bd728b7664fa50428b6dc4
SHA512c5b0b2a7745d1dcb5cc24e6c2c0023d49ca3f46fcdd3733670ec621ec1a3ad7e333cb6ab4c0a9c4907cf4e7a1b66e2bbf1297a99f1b6045172ac4163f2863310
-
Filesize
27KB
MD5d6f862353c2433098d82725f90a0e280
SHA155ab2e7e58fd35c99aec7fb52849d866eaefc438
SHA256719a5b617534fb3a811c51a999f943911439fb43225e3a38a79dfb9c0ffbac38
SHA5120de7c8478de4d63e2d49e834c5ddc7e6190dfa851b46914f32adc392c1b9e22e6222c01950738985b44612b65a8cdfa6ddd99e77c49e1d6b9257c63af974b178
-
Filesize
64KB
MD5a1958926b60d2e0e216a7cf0d2c264a2
SHA17c00bedec8a97c9529023232ec9e91835d9bcd12
SHA2567ac77390719df1ba219e84d2ea25b9c9d51d56c7772f0ff68a40235c954f8009
SHA51289bc122bd2d2ea51382bee8122118a63bfb1627d29af9b4ecf32e956b9003dc93e64494787f114f1f86be25834061da664e7ec74340452428ffca823d5b23414
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
76KB
MD5e820413646d8d8f7f3cac5581bc97c92
SHA14623497791c715be0685c56a754dbc17cd01562c
SHA2561fd9138b9a9d7e3e843304bf211ed12c33e87014557d270c4ca9826b9e2c29eb
SHA51262d469b66cd02aa9f178c42a145d9c4912eb47a0161511ead61a67b574b8b4e77c2a3d44e5285e691048462810b058e30009c14544093198d15ec9cbed8b659a
-
Filesize
93KB
MD51397940e2686a2305e855a6f40cd5360
SHA1b90d48df2ab8bb6e2326cf202711801e76e9df05
SHA25617b754c8971b181f2d9c596b65edf80ff781214ac700301ae65418074a6b9518
SHA512e1be1fd2ed2fd28b054263ac9fd278cc73a59e728af30d0c91c11fcf8b68735526076af45356f3c0602bbd5ea7907e073140cfd47d8dcf28915ddbf3abe11dc3
-
Filesize
29KB
MD5f85e85276ba5f87111add53684ec3fcb
SHA1ecaf9aa3c5dd50eca0b83f1fb9effad801336441
SHA2564b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432
SHA5121915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53
-
Filesize
16KB
MD548c80c7c28b5b00a8b4ff94a22b72fe3
SHA1d57303c2ad2fd5cedc5cb20f264a6965a7819cee
SHA2566e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
SHA512c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658
-
Filesize
120B
MD5eff812f4585c97bb4499a89d1e64bc84
SHA13f240b9a4d25cca0b9b72f0fb5283b24ab45a63c
SHA256c5a35e8e6f4694a66e4e4f395ba393c53a889626027353a346c03f97e820ec09
SHA512fc6c11f09e031ac78c831b3b0f2f193d220536a970d63ed69809fa47e357312b550aabd426d2a1c687d2ba3ab17ed854311a321c4a51c942b919dcf7e34f7e11
-
Filesize
3KB
MD56185c8e6fd21856e8939694eacdc4027
SHA1f54f2b5e23c2170ed45a27caf39576cd20c888ef
SHA256b737a7b784c62a956db712b2c95fd3570dff6a77e9131b659bead5d313439522
SHA512954f3919c086818188d4e5b85c81373fe156373b180a461fdc023b8a1739a93e799dea303c09cedbd27952c9ebcbd92a5fddeaa8b33b5ce5fcdb866350c3005b
-
Filesize
334B
MD5d847f4b8953364b6aaf1a0dff6e2ed21
SHA1f6848625961da76fa6b63764397268f8bba8fb22
SHA25672238a6dc63ad93e59e1f734d9b040d83905dff13c42b2325ef336e763798e53
SHA512eed7e21c7a020a062648964acc3c62ab0c24f7296082fc7ddc280ebf03c64d311cd0a5a17386fcc2c4b3356409dbd75735f2756171d658c029b476489eb0b38d
-
Filesize
6KB
MD58283002a0c594a8a8989dff776ea0322
SHA1a257bb2385ce847377d1291ee7da668d14439172
SHA256bcd8b443300805e63c9804542f1f9fab1bd11922bf760bc4eceb30268eb3c621
SHA512defbada8ba3f4f7ae091091c75747fc147fdb41d7ee2fa6b83bbe3a4525b36e611bc19756d74809bfe94516fae5a2969629d0757dfec998d39c09d2aa0600d82
-
Filesize
8KB
MD5ef59881afbd3307783ff55a189082f48
SHA1239315cb6a3387855d09aea492e9337a7d238ba8
SHA256f693873e22f071a1533b2ccb16ca077d942653e5507bae23c0bb72cf70178cab
SHA512720a7c9cd001f5b65025e5ce271e5ee59a6a41a0046e4d9e76e04c3ac814e9fd7b506c00e66ae1755e9099ed6b412acda626849162bb554a56c79bf9a3b984e0
-
Filesize
9KB
MD5982154471552599f7966a0f9f5ad880e
SHA1622178bab4a013ddb41725df7a5d45d15d69565f
SHA2561d954692f3f06a1540077bf2f93fc92a173811601b9b437b199929544f6d169d
SHA5121e459edfcbbfa5de7a01d01985bd2d27ccd1216d467de12d3f1d6c7d5452c31364bde6d70df4374581c65c63be024070663db5ba06e0300836b77410795f3715
-
Filesize
6KB
MD566d18791a9deda554fcfde23dd561350
SHA184586df807568b7e045d137501e82a933631b27e
SHA256b25650a2728385c55be45ced990069e02aa153c76c6e7b07dc7bd9fd6686e03c
SHA5125cb928bb81de798dfe5e88f6f482b82960b912bdb73b8c370c82baf9b04abe70246f117f127ad02bb4c287635caf88ee941848d4978dc58c6727a1ff1002d903
-
Filesize
9KB
MD574e5d4964bd90235359c94948f87a5b9
SHA190da57cac767f6b3a2cd9624bb99211549108a03
SHA256006e87dad8d73b4f6aed981fbb4c8b92adee76d276095abcb4a06e1160c60c97
SHA512e0b26f953f210d6c064d8f3824fdd42a84140be5844c481d877452688a63607eaa62ba873e94e791ad2d318dc4d5ed72a0e142a35f5aeb4d28618cd9836b6bf9
-
Filesize
96B
MD554f00fb64dec9f6d97dcdb00554bea67
SHA16e06efe34ff1d7f5815edc53d5b079d203f92f5d
SHA256571e7ad085b74800d7959a45b38af0be8a3ca32809d981c117f040230b58d1b8
SHA512d32fb4ef9f186e89384a1e60c908a3cac46cfeb5776961295b888e9f3d4b1b2ab6d726c7eae185a4c769961eac3e6bb9c62591c105c0f0c72e95618885c16547
-
Filesize
48B
MD52253527aac94d117b9a2c9d78baf0cc0
SHA17d75dbba8b019e00435b562edea1ed358ca9ffef
SHA25636fb7fce8a6608f71cff9df5757c5520baa757c7982973c3fcf5c0ba506038bc
SHA51218ed618aa6ce6628f25ebe6855325e3bba5ab77ec3c7d1b3b847d06ae20cfe24895a4a523fec1720c85676ab1e2102753f6e20bbdbf8b0ac8b1818ea7ad27821
-
Filesize
1KB
MD5f5159590824326454c6a6567d3d36e49
SHA1373ab40f02911878e9f2d43b762527d156eb3d7b
SHA25629342b1c5c95ecad0c39ace716bc765b9c8234580b9eacbd7817860c51183e70
SHA5121e1e35f269a9c777d03f19f94211aa773b771be796c36dd22175de1dc1537baa1f519354214e7cb6ed57a07b3a6c8dd5348aa999accfd33629e3edda2c74df31
-
Filesize
1KB
MD5011fc91bbe0e12020a176098043327d3
SHA1027164f0b8c846103c6241441f80782d02453615
SHA256dec43e14083912190189f4f3553642ef8994cbcf3354e4062757d0d03d11d97f
SHA5124b65836d65f23964bf635e346bbbfc750988f8ff04093376d995c7a848cd5af0e9e36c6bb57586feb2badbc16dd32196a8c2066da544d8fc981e3b1f436c7d55
-
Filesize
1KB
MD5619b2ad1d1bb9a77fdd4efd98701f04c
SHA1fb234c4eb82611e951d5125686a59b39a1a621b7
SHA2560199ae74924ee5fce3eabf310810f37efa8d4caa2f933ded4d18649d2f95c4fd
SHA5128dec274fc3da13a73097e21e1dd74ddee0c1d908e9a375789871d3ddf4ca4713a4e141187e9173d845e94204f015fcd7f9fbddaead9ec5a310055ee4ce81e67a
-
Filesize
1KB
MD50cb7748646f905c241f0bb3efb0c2f03
SHA1957b32b4668ebfbeeb889406bc81a69a0bacfdcc
SHA256b612342629ad040451ce89db07b4baeda6be72fca66d2a83594b737061c4f01f
SHA512f24cd5117ef8b3dfb36ed8b25d1b29f39ce305ab5f87f39c7b41eb8437797142a41b01b5ded2ec4828bca62387230d8a2f17ea2273ba0d5514751e4ee30d6502
-
Filesize
203B
MD5d06abb1868a4d601d36e0fce7427ec03
SHA1dd5fc06751f825f0c35b8e713307ec87fc8be29e
SHA2561d623cca95bcaa3cd66d3af5732c09caccf3e81abe599cd9b553149c58d841d7
SHA512a5ebba6a7119d11d0ea2e53d48a6bda85f3fa126df40a77c495a3ae6e5e997a5fa743534320538aa3485862abc542c5c710b5f0454e8149d32c4da8884eb965d
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5bed731008c73d0e9c71e4706fabe648b
SHA16d327faee23804d92c4cad879ae7701e38d2a358
SHA256ddd35d623f44e8fef454b78ba84558946121df90bc60bd9175bfd0ba254c6625
SHA512f27362d834c0f4a3cf36f3898d8ab136115b6527723904cdb6dba7777896ed69c7cc17bd9806e6bbff10367e77b7b5f72a725dd24578c8f6c1a6b0c7c1a89a6f
-
Filesize
11KB
MD5b4577d0dfa7c607d69997f0d7232e779
SHA14b1adc0e2c6024471cdd12e3e854008374dff1f8
SHA256812486fe8fec228a3424bc7c33ff1f32c13e3cdf5ebf4d3d7fe1f6f421d480b4
SHA512f63527b4f2707dd940817c0204e974d3ba303999671a19d29de23f158b15b838858699ece2a79994a4d891f433dbc2e638695cf56a868a89a66425fca2d09986
-
Filesize
9.9MB
MD51b8ee61ddcfd1d425821d76ea54ca829
SHA1f8daf2bea3d4a6bfc99455d69c3754054de3baa5
SHA256dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871
SHA51275ba16ddc75564e84f5d248326908065942ad50631ec30d7952069caee15b8c5411a8802d25d38e9d80e042f1dde97a0326f4ab4f1c90f8e4b81396ca69c229a
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB
-
Filesize
18.5MB